Docker Networking

Understand how Docker networking works internally, how containers communicate, and why networking isolation is critical in modern infrastructure.

Networking is one of the most important parts of Docker.

Containers are useful because they isolate applications.

But applications rarely work alone.

Real systems usually require communication between services.

For example:

Frontend
Backend API
Database

or:

Grafana
Prometheus

or:

WordPress
MySQL

Docker networking makes this communication possible.

Understanding Docker networking is extremely important because modern infrastructure depends heavily on service-to-service communication.


Why Docker Networking Exists

Containers are isolated environments.

By default:

containers cannot magically communicate with everything

Docker networking provides controlled communication between:

  • containers
  • the host machine
  • external systems
  • the internet

Without networking, containers would be mostly useless.


High-Level Networking Model

Simplified architecture:

Internet
    ↓
Host Machine
    ↓
Docker Network
    ↓
Containers

Docker acts as a networking layer between containers and the outside world.


Containers Have Their Own Networking Stack

Every container receives:

  • its own IP address
  • its own network namespace
  • its own ports
  • its own routing table

Simplified model:

Container A
   IP: 172.x.x.x

Container B
   IP: 172.x.x.x

This isolation is extremely important.

It prevents applications from interfering with each other.


Docker Bridge Network

By default, Docker creates a network called:

bridge

Most containers automatically connect to this network.

Simplified model:

+----------------------+
| Docker Bridge        |
|----------------------|
| Container A          |
| Container B          |
| Container C          |
+----------------------+

The bridge network allows containers to:

  • communicate internally
  • access the internet
  • remain isolated externally


Viewing Networks

To list Docker networks:

docker network ls

Typical output (NAME column only):

bridge
host
none

These are the networks Docker creates by default.


The Default Bridge Network

When running:

docker run nginx

Docker usually attaches the container to:

bridge

automatically.

This allows outbound internet access.

However:

containers on the default bridge network
do not automatically get DNS-based discovery

This becomes important later.


User-Defined Networks

Docker allows creating custom networks.

Example:

docker network create my-network

Containers attached to the same custom network can communicate easily.

Example:

docker run --network my-network --name api nginx
docker run --network my-network --name db postgres

Now containers can communicate using names:

api
db

instead of IP addresses.


Why DNS-Based Discovery Matters

Modern infrastructure changes constantly.

Container IPs may change frequently.

Instead of hardcoding IPs:

172.18.0.5

Docker provides internal DNS resolution.

Example:

backend → database

using:

db:5432

This dramatically simplifies service communication.


Container-to-Container Communication

Example architecture:

Frontend Container
Backend API Container
PostgreSQL Container

On the same Docker network:

  • frontend can reach backend
  • backend can reach database

without exposing everything publicly.

This is extremely important for security.


Internal vs External Traffic

Not every service should be publicly exposed.

Example:

Frontend → Public
Database → Internal Only

Docker networking helps separate:

  • public traffic
  • internal traffic

This is foundational in modern infrastructure design.


Bridge Networking Internals

Simplified bridge behavior:

Container
    ↓ virtual ethernet pair
Docker Bridge
    ↓
Host Network Interface

Docker internally creates virtual networking interfaces connecting containers to the bridge.

This behavior is built on standard Linux networking features, such as the virtual ethernet pairs and bridge shown above.


Port Mapping and Networking

Port mapping works together with Docker networking.

Example:

docker run -p 8080:80 nginx

Simplified flow:

Browser
    ↓
Host Port 8080
    ↓
Docker Networking
    ↓
Container Port 80

Without published ports:

services remain internal

even if networking exists.


Host Network Mode

Docker also supports host networking.

Example:

docker run --network host nginx

Simplified meaning:

Container shares host networking directly

In this mode:

  • no port mapping required
  • container uses host ports directly
  • less isolation exists

This mode is powerful but should be used carefully.


None Network Mode

Docker also supports completely isolated networking.

Example:

docker run --network none ubuntu

Simplified result:

No external networking

The container becomes almost fully isolated from networks.


Viewing Network Details

To inspect networks:

docker network inspect bridge

This reveals:

  • connected containers
  • subnet ranges
  • gateways
  • driver configuration

Very useful for troubleshooting.
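
An added example (not part of the original page): it reads `docker network inspect` JSON and answers the two questions raised in the sections above, namely which containers share a network and which have a path off the host. The network names and the sample JSON are constructed; `Internal` is the field set by `docker network create --internal`, an option this page does not cover.

```python
import json

# Constructed sample, shaped like `docker network inspect frontend-net backend-net`
# output (only the fields read below are kept). Network names are hypothetical.
SAMPLE_NETWORKS = json.loads("""
[
  {"Name": "frontend-net", "Driver": "bridge", "Internal": false,
   "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
   "Containers": {"aaa": {"Name": "frontend", "IPv4Address": "172.18.0.2/16"},
                  "bbb": {"Name": "api", "IPv4Address": "172.18.0.3/16"}}},
  {"Name": "backend-net", "Driver": "bridge", "Internal": true,
   "IPAM": {"Config": [{"Subnet": "172.19.0.0/16", "Gateway": "172.19.0.1"}]},
   "Containers": {"bbb": {"Name": "api", "IPv4Address": "172.19.0.2/16"},
                  "ccc": {"Name": "db", "IPv4Address": "172.19.0.3/16"}}}
]
""")


def membership(networks):
    """Map each container name to the set of networks it is attached to."""
    member = {}
    for net in networks:
        for endpoint in (net.get("Containers") or {}).values():
            member.setdefault(endpoint["Name"], set()).add(net["Name"])
    return member


def shared_networks(networks, a, b):
    """Networks over which containers a and b can talk to each other directly."""
    member = membership(networks)
    return member.get(a, set()) & member.get(b, set())


def has_outbound_path(networks, name):
    """True if the container sits on at least one network not marked Internal."""
    internal = {n["Name"] for n in networks if n.get("Internal")}
    return bool(membership(networks).get(name, set()) - internal)


if __name__ == "__main__":
    for a, b in [("frontend", "api"), ("api", "db"), ("frontend", "db")]:
        shared = sorted(shared_networks(SAMPLE_NETWORKS, a, b))
        print(a, "<->", b, shared or "no shared network")
    print("db outbound:", has_outbound_path(SAMPLE_NETWORKS, "db"))
```

On a real host, feed it the parsed output of `docker network inspect` for the networks you care about; a database that shares a network with the public-facing container is the finding to look for.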


Why Containers Can Reach the Internet

Many beginners wonder:

How do containers access the internet?

Docker performs network address translation (NAT).

Simplified flow:

Container
    ↓
Docker Bridge
    ↓
Host Network
    ↓
Internet

Docker handles this automatically in most cases.


Common Beginner Mistake

One common beginner mistake is exposing everything publicly.

Example:

Database Port → Public Internet

This is dangerous.

Modern infrastructure usually exposes only necessary services publicly.

Internal services communicate over private Docker networks.
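
A check for this mistake, as an added example that is not part of the original page: `-p 8080:80` with no host address publishes on every host interface, while `-p 127.0.0.1:8080:80` binds to one address only. The script below reads `docker inspect` JSON and lists each published port with the address it is bound to, plus any container in host network mode; the sample data and container names are constructed.

```python
import json

# Constructed sample, shaped like the JSON array printed by
# `docker inspect <container> ...` (only the fields read below are kept).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/frontend", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8080"}]}}},
  {"Name": "/db", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Ports": {"5432/tcp": [{"HostIp": "0.0.0.0", "HostPort": "5432"},
                                               {"HostIp": "::", "HostPort": "5432"}]}}},
  {"Name": "/api", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Ports": {"80/tcp": null}}},
  {"Name": "/admin", "HostConfig": {"NetworkMode": "my-network"},
   "NetworkSettings": {"Ports": {"3000/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3000"}]}}},
  {"Name": "/metrics", "HostConfig": {"NetworkMode": "host"},
   "NetworkSettings": {"Ports": {}}}
]
""")

# Host addresses that mean "listen on every interface of the host".
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_exposure(containers):
    """Return (container, container_port, host_binding, verdict) tuples."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        if c.get("HostConfig", {}).get("NetworkMode") == "host":
            # Host mode: no port mapping, every listening port is a host port.
            findings.append((name, "*", "host network", "HOST-NETWORK"))
            continue
        ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            # A null value means the port is exposed by the image but not published.
            for b in bindings or []:
                host_ip = b.get("HostIp", "")
                verdict = "ALL-INTERFACES" if host_ip in ALL_INTERFACES else "SPECIFIC-IP"
                findings.append((name, container_port,
                                 f"{host_ip}:{b['HostPort']}", verdict))
    return findings


if __name__ == "__main__":
    for row in audit_exposure(SAMPLE_INSPECT):
        print("%-9s %-9s %-16s %s" % row)
```

In the sample, `db` is the finding that matters: its port 5432 is bound on all interfaces, whereas `api` publishes nothing and is reachable only over its Docker network.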


Infrastructure Thinking

Modern applications increasingly use:

microservices

This means many small services communicating together.

Example:

API
Authentication Service
Database
Cache
Monitoring

Docker networking became one of the key technologies enabling this architecture style.


Docker Networking Drivers

Docker supports multiple network drivers.

Common examples:

bridge
host
none
overlay
macvlan

Each driver solves different infrastructure problems.

For beginners, bridge networking is the most important starting point.


Networking and Docker Compose

Docker Compose relies heavily on networking.

Compose automatically creates networks allowing services to communicate by name.

Example:

web
db
redis

Service discovery becomes extremely simple.

This is one reason Compose is so powerful.


Why This Matters

Understanding Docker networking is critical before learning:

  • Docker Compose
  • reverse proxies
  • microservices
  • Kubernetes
  • ingress systems
  • service meshes

Modern infrastructure is fundamentally network-driven.

Without an understanding of networking, container orchestration becomes much harder.


Key Takeaways

  • Containers are isolated networking environments
  • Docker networking enables controlled communication
  • The bridge network is Docker’s default network
  • User-defined networks provide better service discovery
  • Containers can communicate internally without public exposure
  • Port mapping controls external accessibility
  • Docker networking relies heavily on Linux networking technologies
  • Modern microservice infrastructure depends heavily on container networking